Please help me protect my e-mail better

Hello, new user here. I have been struggling the past few days thinking of how I can protect my e-mail better. My threat level is “Big corp leave me alone pls”, but more and more companies nowadays are demanding e-mails/phone numbers to even use their services (restaurant bookings, train tickets…), and I am becoming increasingly aware of the need of protecting my e-mail box from being a venue for spam or possible scams when these companies inevitably get breached and my e-mail is leaked or sold.

I currently have 4 Gmail accounts. As my oldest Gmail account started to get full, I created others, and most of them are somewhat general purpose accounts. I would like to unify them in some manner. More recently I created a free Proton e-mail that I use exclusively for banks and government communications, and have slowly been migrating those institutions from my Gmail. I don’t mind keeping the Proton app installed on my phone just for these e-mails. However, this setup has some limitations:

  1. Google being one of the biggest sellers of data, I have no doubt a lot of the spam and “promo e-mails” I get come directly from them selling my data to advertisers.

  2. I use the same e-mail for a lot of different services, and when one of those gets breached, it’s not so simple for me to get rid of that e-mail since so many other services are tied to it.

  3. I prefer service providers that I can use IMAP with, and Proton isn’t one. Also, I find Proton paid plans very expensive.

Here’s what I want to do:

  1. Get a custom e-mail domain (I am persuaded by the idea that custom domains make it easier to migrate my mailbox if a service stops being good/prices change too drastically). I also like the idea of ownership of a domain.

  2. An e-mail host that has enough (ideally unlimited) aliases/mask e-mails so that I can have one allocated to EVERY random website I sign up to, that can be easily turned off in the case of a breach (e.g. instagram.2958@[customdomain].com).

  3. My goal: have two e-mails only: one Proton (free) email, only for gov and bank accounts, and one paid (maybe Mailbox or Migadu) custom e-mail to receive everything that will be forwarded by all the aliases. The aliases should be able to be turned on/off at a whim, and easily replaceable.

I am currently in the buying a custom domain phase, but I’m not sure where to host it. I know Mailbox.org is recommended by this forum, and I appreciate that I can use IMAP with it, unlike with Proton or Tuta. But Mailbox seems to limit custom emails to 25, which is probably not enough for what I want to do. The price is… okay, I can deal with it. I know Migadu also exists, and that one has infinite aliases, but the service isn’t as well known and it isn’t that easy to find information on how to configure things (I’m not a very technical person, just interested in privacy stuff). This is my biggest contender currently, and it is priced very reasonably.

Alternatively, I know services like addy.io, SimpleLogin and DuckDuckGo exist, but I know from experience some platforms automatically ban accounts created using these e-mails (case in point, Reddit and X), so I don’t consider these good for anything other than maybe signing up to random newsletters. I have also considered just using Proton for gov communications only, get a Tuta free account for general purpose emails, and just redirect everything from the Gmails. This setup would be free which is a plus, but then again Tuta also locks me into their app and I really would like to be able to use IMAP and set rules for incoming e-mails. And Tuta Free of course also wouldn’t solve the alias issue.

I don’t need my e-mails to be E2EE (I understand e-mail is only as private as the person I am talking to anyway), as long as I can have enough aliases for each service I sign up to, and I can quickly dispose of one alias when it leaks, I’m good. Could be worth mentioning that I have a Bitwarden account also, which I know allows the creation of aliases on the go.

Am I overcomplicating things? Do I really need to pay for a specific e-mail service provider for the goal I want to achieve? Please help me set my thoughts straight, as I feel like there is probably a simple solution here that I’m not seeing.

Kind regards.

2 Likes

Should we be cautious? 😉

On a more serious note though:

@MichaelJohn please stop doing this. ASAP. Learn about diversity. And if you really want to stick with this approach, use addy.io and create many aliases (one alias = one company).

With addy.io if you get some spammy email on one of your aliases, you just deactivate/delete that alias. And you are again spam-free. It’s that simple.

1 Like

I use Mailbox.org through IMAP. The biggest issue with it, in my opinion, is that the web interface is slow and clunky. At first I managed aliases through it, but at a certain point that became slow and cumbersome so I signed up for SimpleLogin. Now I have hundreds of disposable aliases that I can manage through a snappy browser extension.

One note about SL: their Firefox extension recently added a “read data from all webpages” permission that wasn’t there before. I haven’t had time to look into what the rationale for this is yet, so thus far I’ve just declined to update it since that seems like an unnecessary and invasive permission.

I do still have a handful of aliases via Mailbox.org for semi-anonymous internet accounts that I don’t want linked back to my custom domains. But I simply don’t have the patience to be spinning up and deleting tons of aliases via their settings page.

Please read the entire OP.

@mika Also using mailbox.org. Also thinking that their webui is disgusting. That’s why I have not logged there in close to 5 months. I use SparkMail app.

Thanks for your reply.

I do still have a handful of aliases via Mailbox.org for semi-anonymous internet accounts that I don’t want linked back to my custom domains. But I simply don’t have the patience to be spinning up and deleting tons of aliases via their settings page.

So you don’t even use Mailbox’s aliases that come with the subscription? You just use SimpleLogin’s aliases? How do you deal with more important accounts, such as for example LinkedIn (if you use)? Do you have a spare e-mail just for those? Have your accounts you created using aliases ever been banned before? Also, do you pay for SimpleLogin? If you do, at that point between Mailbox+SL, it’s probably better to get a Proton paid subscription, no?

I have several tiers of email addresses:

  1. Zero anonymity, high priority email addresses. I have one for personal correspondence (friends/family) and one for work. These are fixed addresses at my custom domain. I receive a notification on my phone and computer for these.
  2. Zero anonymity, medium priority email addresses. These are fixed addresses at my custom domain, but they get put into a separate folder and don’t ping me. Stuff like volunteering/banking/medical etc correspondence go here. I also have a fixed address I use for my most important online accounts (like BitWarden).
  3. Zero anonymity, low priority email addresses. This is for uses where they already know my identity, but where correspondence isn’t important and I want to insulate against data breaches. Examples: online shopping, concert tickets, donations. This is where SimpleLogin lives, though I also have a couple of catch-alls set up at my custom domain in case I’m asked in person and can’t spin up a new SL address. I use SimpleLogin with a separate custom domain, so theoretically they can be linked back to me. These addresses get auto-categorized as low priority in my email client and don’t ping me with a notification.
  4. Possible anonymity addresses. In cases where a service has no personal information on me (like this forum), that’s when I use an @mailbox.org address or a SL generated address through their default domain.

The reality is the vast majority of the emails I send and receive are with people or entities who already know who I am, so I’m mostly just trying to insulate myself from spam and data breaches.

No. If I’m reading them off verbally then sometimes people will ask “wtf is that domain?” but that’s it. There were also one or two times that a service wouldn’t accept a SimpleLogin generated address, so I had to use one of my Mailbox.org addresses instead.

I was paying for it separately at first. Now I have a package because I also use Proton Calendar & VPN.

I would love to migrate to Proton Mail someday, but there are two issues holding me back:

  1. No way to sync contacts with Android/iOS. I do not have the patience to maintain two separate contact books. This is the big one for me.
  2. Also, from what I understand emails from Proton seem to get blocked/flagged/categorized as spam more frequently than other providers. I run a business so I can’t risk having emails not go through.

The lack of CalDAV used to bother me but now that the ProtonCalendar apps have improved a lot I don’t mind it.

In this case, use their business offering 🙂

I will probably get “downvoted” to oblivion but considering your threat level, I think Fastmail would be pretty on point for you.

Can use IMAP, supports many custom domains and can create masked emails with your own domain and it works great.

1 Like

I’m not seeing how their business offerings address either of the issues I identified, unfortunately.

I actually have no issues with Fastmail, even if they aren’t particularly private. But for 5 euros/month, I would at least like to try to get Migadu with a custom domain, and if I can work it out, I think I found home. Otherwise I’ll give Fastmail a consideration (although Mailbox + SimpleLogin is the same price, with the added privacy features of Mailbox).

Thanks for your comment.